Vulnerabilities (CVE)

Filtered by vendor Evan Dandrea Subscribe
Filtered by product Usb-creator
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1063 2 Canonical, Evan Dandrea 2 Ubuntu Linux, Usb-creator 2024-11-21 4.6 MEDIUM N/A
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2011-1828 1 Evan Dandrea 1 Usb-creator 2024-11-21 2.1 LOW N/A
usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.